ZDI-CAN-21705: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2023-47066

7.8HIGH

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 17 November 2023

Summary

Adobe After Effects versions 24.0.2 and earlier, including 23.6 and earlier, have a vulnerability related to out-of-bounds reads that occurs during the parsing of specially crafted files. This could allow an attacker to read beyond the allocated memory space, potentially leading to arbitrary code execution within the context of the user. It’s important to note that successful exploitation requires user interaction, as the malicious file must be opened by the victim.

Affected Version(s)

After Effects 0 <= 23.6

References

https://helpx.adobe.com/security/products/after_effects/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Oct 30, 2023

Collectors

NVD DatabaseMitre Database